Workstations and Servers are referred to as Computers in Migrator Pro for Active Directory. The Computer Actions screen allows the administrator to register Computers, change the agent polling interval, set the ReACL profile, upload Computer migration logs, make a Computer an Admin Agent, and manage the Computer Discovery, ReACL, Cutover, and Cleanup processes.
The Migrator Pro for Active Directory Agent must be installed on a computer before it can be registered or have any actions applied to it. Refer to Installing the Migrator Pro for Active Directory Agent on Computers for more information. |
The Job Options view allows the administrator to effectively manage the server and workstation environment during the migration event by scheduling computer jobs to run at specific points of time in the future. Each job, when applied to a Computer, will open the Job Options view giving the option to set a “Do not start before” date and time. If a job is scheduled for a later date and time, then it sits in the job queue and is not considered an active job for that Computer when the agent polls for jobs.
To view Computer Jobs:
To cancel a job, select the job and click the Cancel button or select Cancel from the Actions menu and click the Apply Action button. To refresh the jobs list, click the Refresh button.
Jobs can be canceled when the Status or Rollback Status is either Queued, Scheduled, Started, or In Progress. |
After the Discovery process has been completed for a Computer, you view the properties of that Computer.
To view a Computer's discovered properties:
Select View Properties from the Actions menu and click the Apply Action button. The Computer Properties window appears displaying the properties of the Computer and the user profiles associated with the Computer.
By default the agent polling interval is set to 900 seconds (15 minutes). The polling interval tells the agent how frequently to contact the Migrator Pro for Active Directory Server and check for jobs. If the polling interval is set to a high number, such as 14400 seconds (4 hours), it is possible that any command sent to that computer may not execute for up to four hours. Setting a Computer’s polling interval to a high number until close to the cutover date can help minimize load on the web servers. However, to ensure adequate response time on the day of cutover, it is recommended that you decrease the polling interval in advance of the Cutover process. Note: In large scale environments, having too many agents polling the same server for jobs all at the same time may accidentally result in DDoS against that server, so additional planning of agent polling and cutover is recommended.
Computers will only obtain an updated polling interval when next contacting the Migrator Pro for Active Directory web service according to their currently configured polling interval.
To set polling interval:
Edit the Polling Interval (seconds) field and click Apply.
The polling interval default for all newly registered computers can be changed in SQL in the ADM_Setting table field PollIntervalSeconds. |
To set Device ReACL Profile:
An agent currently running on a computer can be changed to be an Admin Agent to allow the computer to perform custom admin functions. Once changed to an Admin Agent, the computer will be removed from the Computers list and will appear in the Admin Agent list in Settings and will be able to only perform admin actions. Admin Agents cannot be changed back to a regular Computer agent.
To make a Computer an Admin Agent:
The Discovery process gathers properties (OS versions, network properties, and so on) from the computer to allow additional future functionality. The first discovery process begins for a computer when the computer becomes registered with the Migrator Pro for Active Directory server which will automatically occur after the Computer Agent has been installed, as long as the environment is properly configured.
To start the computer Discovery process manually:
The Queue Summary window appears.
Click OK. The Discovery Status column is populated with the current status. Use the Actions menu View Jobs option to view the list of jobs for the specific Computer.
The ReACL process updates the Computer’s domain user profiles for use by the matching target user after cutover.
It is recommended to remove or disable anti-virus software immediately prior to the ReACL process and only after a recent clean scan has been completed. | |
At least one group must be migrated to populate the map.gg file or the ReACL process will fail. Before ReACL can occur, the target Users and Groups which have permissions set on the Computer must be migrated to the target. |
To start the Computer ReACL process:
Two checks are performed at the start of the ReACL process. The first check is for invalid Source Profiles, which will be logged as a WARNING and those profiles will be skipped. The second check is for invalid Target Profiles, where a user may have created a profile with the target account before their machine is ReACL’d and cutover. By default, this is logged as a FATAL ERROR and will halt the ReACL process. However, it can be changed to a WARNING with the –t switch passed by editing the command in SQL. The ReACL Agent will automatically create two files on the computer being ReACL’d, map.usr and map.gg. These files are used to find the source permissions and add the appropriate target permissions during the ReACL process. System groups, such as Domain\Domain Admins and Domain\Domain Users are included in the map.gg file for updating the group permissions during the ReACL process. If the Active Directory environment is non-English, the values in the sAMAccountName column of the BT_SystemGroup table in the SQL database will need to be changed after Directory Sync Pro for Active Directory is installed to have the appropriate non-English values. If the Mapped Network Drive is being mapped via GPO or using an integrated credential such as the current Windows logon session, ReACL will create a warning entry in the log “…WARNING: The UserName value for drive U was empty and could not be mapped to the target user.” This warning does not mean that the mapped drive cannot be accessed after Cutover. | |
For Windows 10 and Windows Server 2016 computers, the ReACL process is decoupled from the actions against files, folders, and the registry. A ReACL against a Windows 10 or Windows Server 2016 computer will update all files and folders and registry entries found on the machine except for the user profile specific registry keys in HKLM, ntuser.dat, and usrclass.dat even if the user profiles option is selected in the ReACL profile. After a ReACL has been run against a Windows 10 or Windows Server 2016 computer, the user profile components will not be prepared during a cleanup process. The prepare and cleanup process should be completed along with the remaining ReACL activities against the user profile specific registry keys in HKLM, ntuser.dat and usrclass.dat at time of computer cutover (prior to domain join command). |
The Cutover process moves a Computer from the source domain to the new target domain.
To start the Cutover process:
Computers should not be ReACL'd once they have been cutover to the Target. This is not a best practice and is not supported as this can cause problems with the registry and user profiles. The Cutover Options are set on the Settings screen. |
The Rollback process moves a Computer back to the original source domain and restores any modified network settings. The Computer must have attempted Cutover for this explicit Rollback process to work.
To start the Rollback process:
The Cleanup process removes the Source SIDs after the Cutover process completes.
Cleanup should be done when the migration project is completed. Before running the Cleanup process if a trust is in place, the trust can be broken to test if any application permissions are broken. |
To start the Cleanup process:
The ReACL Rollback process rolls back all changes made by the ReACL process. ReACL Rollback can be performed on Computers that have completed the ReACL process.
To rollback ReACL:
The Cache Credentials process assigns a Cache Credentials job to workstation(s). See the Credential Cache and Offline Domain Join topic for more information.
The Offline Domain Join process is similar to the Cutover process for machines that are directly connected to the network. See the Credential Cache and Offline Domain Join topic for more information.
WARNING: Do not perform the Cutover process on Offline Domain Join workstations. The Offline Domain Join process takes the place of Cutover for workstations connecting via VPN. |
If any Admin Agent menu actions have been created for Computers, they will appear in the Actions menu:
The following columns appear on the Computer Actions screen by default:
The following additional fields can be displayed by customizing the columns:
Log files from the Migrator Pro for Active Directory Agent can be uploaded to the Migrator Pro for Active Directory Web Server using Microsoft BITS. To enable this functionality, the installer enables BITS Server Extensions for IIS and create a virtual directory called ComputerLogs where all uploaded files will be stored.
To upload Log files from the Migrator Pro for Active Directory Agent:
In the Job Options window, click Apply to begin the Upload Logs process as soon as possible. To select when the process will begin check Do not start before and then enter or select a date and time. If using the Do not start before option, the Do Not Start Before column in the Computer Jobs table will be populated with the selected date.
© ALL RIGHTS RESERVED. Feedback 利用規約 プライバシー Cookie Preference Center